Tuesday, May 29, 2007

Will conventional virus scanner still work in the future?

Most of today’s virus scanners are signature based. This means that they need a footprint of the malware in order to detect and remove the malicious code. There is nothing new about it. It is also a matter of fact that the Zoo of malicious code is growing each and every day. Unfortunately, there is no issue with endangered species to determine (unfortunately just in this case talking about computer worms and viruses). This day-by-day increase got impact on the signature repository and the time and load a virus scanner needs to check on a computer. You can check this at home. It takes longer and longer to run a complete scan. What’s the way out? Do we need a separate processor core just for scanning the system? This is probably not the best solution. Anti-malware must be reworked, a new approach is needed. This will lead to a merge of different product types: conventional virus scanner and systems checking on anomalies, flaws and vulnerabilities.

No comments: